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Reply to Office action of February 9, 2005 

Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims 
in the application: 

Listing of Claims: 

1 (Currently Amended). A security service for a shared network 
server comprising: 

providing a network and a shared network server coupled to the 
network, the shared network server having a fixed quantity of resources for 
responding to network requests; 

providing a constellation of front-end servers within the network; 

using the front-end servers to receive requests destined for the shared 
network server; [[and]] 

forwarding the received requests from the front-end servers to the 
shared network server at a governed rate; 

coupling a management server to each of the front-end servers: 

communicating metrics between the front-end servers and the 
management server: 

using the metrics to detect a denial of service attack targeted at the 
shared network server: 

using the metrics to determine configuration parameters for the front- 
end servers: and 

communicating the configuration parameters from the management 
server to the front-end servers . 

2(Original). The service of claim 1 wherein the governed rate is 
selected to present requests at a rate that will prevent overwhelming the fixed 
quantity of resources within the shared network server. 

3(Cancelled). 

4(Cancelled). 
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5(Original). The service of claim 1 further comprising dynamically 
altering the number of front-end servers in the constellation. 

6(Original). The service of claim 1 further comprising detecting a 
denial of service attack targeted at the shared network server; and 

preventing the act of forwarding the received requests in response to 
detecting the DoS attack. 

7(Currently Amended). A system for handling denial of service 
attacks on behalf of a shared network resource, the system comprising: 

a request processing component deployed within a network, the 
request processing component having an interface configured to receive 
5 requests on behalf of the shared network server; 

a rate control component coupled to the request processing 
component, the rate control component comprising program and data 
structures operable to selectively forward received requests to the shared 
network server at a rate selected to prevent the shared network server from 
10 crashing or becoming undesirably busy ; and 

a DoS attack detection component coupled to the request processing 
component and the rate control component and operable to monitor request 
metrics from the request processing component and provide configuration 
information to the rate control component, wherein the rate control component 
15 comprises mechanisms for preferentially forwarding reguests not related to 
the DoS attack in favor of request related to the DoS attack to the shared 
network resource . 

8(Cancelled). 

9(Cancelled). 

10(Original). The system of claim 7 further comprising: 
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a plurality of front-end servers deployed throughout a network, wherein 
the front-end servers are configured to implement the request processing 
component and the rate control component; 

a management server coupled to each of the front-end servers, the 
management server including mechanisms to send configuration information 
to the front-end servers, and receive request processing metrics from the 
request processing component. 

1 1 (Original). The system of claim 7 wherein the request processing 
component is configured to handle a greater volume of requests than the 
shared network resource. 

12(Original). The system of claim 7 further comprising mechanisms 
within the front-end servers operable to detect a denial of service attack; and 

13(Currently Amended). [[The]] A system [[of claim 10 further]] for 
handling denial of service attacks on behalf of a shared network resource, the 
system comprising : 

a request processing component deployed within a network, the 
request processing component having an interface configured to receive 
reguests on behalf of the shared network server; 

a rate control component coupled to the request processing 
component, the rate control component comprising program and data 
structures operable to selectively forward received reguests to the shared 
network server at a rate selected to prevent the shared network server from 
crashing or becoming undesirably busy; 

a plurality of front-end servers deployed throughout a network, wherein 
the front-end servers are configured to implement the reguest processing 
component and the rate control component; 

a management server coupled to each of the front-end servers, the 
management server including mechanisms to send configuration information 
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to the front-end servers, and receive request processing metrics from the 
request processing component; 

a back-end server coupled to receive the forwarded requests from the 
20 front-end servers; and 

a rate governor within the back-end server for selectively forwarding 
received requests to the shared network resource at a rate selected to 
prevent the shared network resource from crashing becoming undesirably 
busy. 

14(Currently Amended). A method for mitigating a denial of service 
attack comprising the acts of: 

providing a shared network resource coupled to a public network and 
receiving requests from the public network; 
5 providing a plurality of front-end servers, each having a unique network 

address and coupled to the shared network resource; 

assigning a plurality of front-end servers to the shared network 
resource, wherein the aggregate request processing capacity of the assigned 
front-end servers is greater than the request handling capacity of the shared 
10 network resource; 

causing requests for the shared network resource to be redirected 
through one of the front-end servers; and 

forwarding the requests from the front-end server to the shared 
network resource at a rate selected to inhibit a likelihood of a crash or an 
15 undesirable level of business; 

detecting a condition in which the number of requests is greater than 
the request capacity of the shared network resource; and 

generating a response to the requests from the front-end servers 
instead of forwarding the requests to the shared network resource, 
2 0 wherein the act of detecting comprises distinguishing reguests 

associated with a DoS attach from legitimate requests and the step of 
generating a response comprises generating a response only to reguests 
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associated with the DoS attack while forwarding legitimate requests to the 
shared network resource . 

15(Original). The method of claim 14 further comprising: 
in event of a denial of service attack comprising a plurality of malicious 
requests involving the shared network resource, causing at least some of the 
malicious requests to be delayed in the front-end servers before reaching the 
shared network resource. 

16(Original). The method of claim 14 further comprising: 

in event of a denial of service attack comprising a plurality of malicious 

requests involving the shared network resource, causing at least some of the 

malicious requests to be ignored by the front-end servers. 

17(Original). The method of claim 15 further comprising: 
in event of a denial of service attack comprising a plurality of malicious 
requests involving the shared network resource, causing at least some of the 
malicious requests to be ignored in the front-end servers before reaching the 
shared network resource. 

18(Cancelled). 

19(Cancelled). 

20(Original). The method of claim 14 further comprising: 

sending request processing metrics from each of the front-end servers 

to a centralized management server; and 

using the centralized management server to analyze the request 

processing metrics to detect a denial of service attack. 

21 (Currently Amended). The method of claim [[19]] 14 further 
comprising: 

sending configuration information from the centralized management 
server to some or all of the front-end servers in response to detecting a DoS 
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5 attack, the configuration information including an identification of address 
domains associated with the DoS attack; and 

using the configuration information in the front-end server to selectively 
drop requests from the address domain identified in the configuration 
information. 



\\\BO - 80142/2006 - 179484 v1 



7 



